Survey: 89 Percent Of IT Security Incidents Went Unreported In 2007
RSA Conference recently released the results of its recent survey of security professionals regarding the critical industry and infrastructure issues they currently face.
The RSA Conference survey identified four specific types of security threats as major pain-points for the industry in the coming year. Forty-nine percent of respondents cited data leakage of customer or employee data as their primary area of concern. Coming in a close second, concerns about e-mail-borne malware/phishing were cited by 41 percent of survey respondents. Web-borne malware and insider threats/theft were also worrisome to security professionals, both cited by 36 percent of the respondents.
When asked about the top security and organizational challenges, 49 percent of survey respondents cited lost or stolen devices. Tied for second place, 47 percent of respondents noted both non-malicious employee errors and educating employees. Budgetary constraints trouble 44 percent of respondents.
54 percent of respondents admitted that they had dealt with a security incident - defined as an unexpected activity that brought sudden risk to the organization and took one or more security personnel to address - in 2007. Additionally, 13 percent stated that they addressed more than 20 security incidents during 2007.
Of these incidents, data leakage of customer or employee data, insider threats/theft and intellectual property theft accounted for 29 percent, 28 percent and 16 percent respectively (see Chart 4). However, only 11 percent of those surveyed publicly disclosed any of those security breaches or possible data losses.
“With 29 percent of respondents stating that they experienced the leakage of employee or customer data in 2007, it is alarming to see that only 11 percent of those types of incidents went reported,” said Tim Mather, chief security strategist for RSA Conference. “Security professionals need to remain cognizant of the regulations that their organizations must comply with and ensure they are taking steps to properly report the security incidents that are required by law -- whatever they may be.”
In an attempt to uncover the impact of the “Storm” worm and resulting botnet, a backdoor Trojan horse that had detrimental affects on computer operating systems and received extensive media coverage in 2007, the survey found that a mere two percent of organizations were seriously affected by the outbreak. Conversely, 86 percent said that their organization was not affected by Storm at all
“As we develop educational programming for our information security events, we rely on the real world experiences of security practitioners to help form the agenda at RSA Conference,” said Sandra Toms LaPedis, area vice president and general manager of RSA Conference. “In an attempt to learn from one another, this survey serves not only as a ‘report card’ for the industry, but also provides insight into what issues may be the focus of RSA Conference 2009.”
The study, “What Security Issues are Plaguing You?” includes responses from more than 300 professionals predominantly charged with managing and engineering security infrastructures within their respective organizations.
To see the survey results, visit http://www.rsaconference.com/Security_Topics/Business_Trends_and_ Impact/Blog.aspx?blogId=17053